Show HN: Malai – securely share local TCP services (database/SSH) with others

Kulfi is a network (peer to peer) which support http/https even tcp can be sent over kulfi.

Kulfi App is a web browser that talks kulfi protocol natively, so you can open kulfi://<id52> natively. malai is the server side part of this story, and can expose existing HTTP/TCP services over kulfi:// network.

For DNS, here is my initial deign/thought: https://github.com/kulfi-project/kulfi/discussions/55

For access control, we are working on a "what-to-do" service, which is an bunch HTTP/JSON APIs, that will be called by the malai (which runs on your server, or even as part of Django/Node/Golang once we wrap malai as a cffi library, and write corresponding Python/Node etc packages). You will be able to write the what-to-do in any framework you like, and we will maintain a general purpose open source what-to-do service.

malai: cream that forms on top of milk when it cools down, its a flavor of kulfi. kulfi: a milk based ice cream / desert. Nothing to do with networking etc, just a desert I enjoyed since childhood :-)

Kulfi is the official name of the project, and the name of the "peer to peer internet" "id52/identity based internet", so kulfi net.

Kulfi App is going to be a browser like Google Chrome, available on various app stores, and it will speak both http over tcp and http over kulfi. Kulfi app acts like client (but is also a server, so on your iPhone tomorrow you can install Kulfi, which will let you access any http over kulfi site, and also will run a web server which is exposed over kulfi net for others to access, so my Android phone's Kulfi browser can connect with the your iPhones Kulfi's web server, with no intermediary [1]).

malai is ready now, and it is a Swiss army knife toolkit for working with kulfi net. Currently malai can expose a HTTP or TCP service over kulfi net.

Malai also has a "http bridge" feature, which bridges any malai exposed http over kulfi service with the http over tcp, so people can use regular browsers to access malai exposed HTTP services.

[1]: we are using https://www.iroh.computer/blog/iroh-dns, so their caveats apply.

  $ echo -n c1b2d4463e503765b7422e126ea7ff5633ba5903f97b700ac818 | wc -c
    52

It's magic man-in-the-middle and we're the magicians here

We are using iroh[1] internally, so the question is does iroh support these things? The quickest way to answer this would be to test it. Can you help me with what kind of setup would be needed for me to test this?

[1]: https://www.iroh.computer

A few more:

No explanation of how it works

Comments in this thread reveal a bunch of obscure components that also don't have much details.

fastn is an ingredient to kulfi project. fastn.com is a full stack programming language we (FifthTry, Inc, the company behind these) have built, and it is the web server that is going to be part of Kulfi app.

The comparison posts, TODO, copyright etc we will do/fix when we get around to it. It's all open source, you can send PRs as well.

To be fair, assigning copyright to the reader is a good first step to build trust :)

Or ngrok, or Cloudflare Tunnel or https://github.com/anderspitman/awesome-tunneling

Unlike tailscale/ngrok, malai is completely open source, does not rely on any company provided infrastructure (we have a http bridge to bridge http/tcp with http/kulfi at *.kulfi.site, but you can run your own http bridge), and once Kulfi app is ready, you will not need the bridge at all and Kulfi app (which is also basically a browser that speaks http(s) over kulfi along with http(s) over tcp) can talk kulfi protocol directly.

Among other clear differences, it looks like tailscale requires you to sign in with some cloud provider and Malai does not.

I use and like tailscale for similar purposes, but I can see why some people might prefer to skip that aspect, especially.

Indeed.

https://tailscale.com/kb/1312/serve